Video Episode: https://youtu.be/zgabkAvM5QI In today’s episode, we explore the alarming rise of cybercriminal techniques, including the widespread Hijacked Domains attacks termed ‘Sitting Ducks,’ affecting reputable brands and organizations. We also discuss OpenAI’s ChatGPT sandbox vulnerabilities, which allow excessive access to its internal systems, and examine the RustyAttr trojan’s use of macOS extended file attributes to hide malicious code. Additionally, we cover the sentencing of Robert Purbeck, a hacker who extorted personal data from healthcare providers, reflecting on the broader implications for cybersecurity. Article URLs: 1. https://thehackernews.com/2024/11/experts-uncover-70000-hijacked-domains.html 2. https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-allows-access-to-underlying-sandbox-os-playbook-data/ 3. https://www.bleepingcomputer.com/news/security/hackers-use-macos-extended-file-attributes-to-hide-malicious-code/ 4. https://www.bleepingcomputer.com/news/legal/hacker-gets-10-years-in-prison-for-extorting-us-healthcare-provider/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe Timestamps 00:00 – Introduction 01:12 – Sitting Ducks 02:33 – macOS RustyAttr 03:18 – OpenAI ChatGPT security risks 05:00 – Robert Purbeck Sentenced 1. What are today’s top cybersecurity news stories? 2. How are hackers hijacking domains in the Sitting Ducks attack? 3. What vulnerabilities are present in the ChatGPT sandbox environment? 4. What new techniques are hackers using to hide malicious code on macOS? 5. What is the story behind the extortion case of hacker Robert Purbeck? 6. How did threat actors exploit extended file attributes in macOS? 7. What are the implications of the Sitting Ducks attack scheme on businesses? 8. What measures can organizations take to protect against domain hijacking? 9. How did hackers manage to remain undetected with RustyAttr malware? 10. What are the potential risks associated with accessing the ChatGPT playbook? hijacked domains, Sitting Ducks, phishing, DNS settings, Mozilla, OpenAI, ChatGPT, security, macOS, Trojan, Lazarus, cybersecurity, Robert Purbeck, data theft, extortion, privacy, # Intro In a stunning revelation, experts have uncovered 70,000 hijacked domains being exploited in a stealthy ‘Sitting Ducks’ attack scheme, manipulating well-known brands, nonprofits, and even government entities for phishing and investment frauds. This massive domain hijacking operation, ongoing since 2018, exposes significant vulnerabilities in DNS settings that many organizations remain unaware of. Question: How do attackers leverage misconfigurations in DNS settings to execute these sophisticated domain hijackings without immediate detection? Mozilla’s 0-day detective Marco Figueroa exposes how OpenAI’s ChatGPT playground allows extensive access to its sandbox, letting users run Python scripts and access behind-the-scenes playbook data. Despite potential security concerns, OpenAI remains indifferent to curbing this unexpected access to its AI tool. How could accessing ChatGPT’s underlying sandbox and playbook data pose risks to its user security and functionality? Hackers are slyly exploiting macOS extended file attributes to conceal Trojan code in a stealthy attack linked to the infamous North Korean Lazarus group. This innovative evasion technique has successfully sidestepped detection, challenging cybersecurity defenses and pushing the boundaries of malware deployment. How do hackers manage to hide and execute malicious code on macOS devices without triggering alarms? Hacker Robert Purbeck, known online as “Lifelock” and “Studmaster,” has been sentenced to ten years in prison for a series of brazen data thefts and extortion attempts impacting over 132,000 individuals across the United States. His audacious crimes included threatening to expose sensitive personal informati